Components

The following section describes the major components of the Zentera Air service.

Zentera Air Services (delivered from Zentera points of presence)

Billing Portal

Zentera Air's billing portal allows you to view and add services, view invoices, and manage your billing method. When you sign up for Zentera Air services, you are automatically granted access to the billing portal.

The billing portal can be found at https://billing.zentera.net/portal/zenterasystems.

zCenter Service Portal

The zCenter service portal allows you to manage all configuration and security of your deployment, including onboarding users and devices, configuring an identity provider, configuring security policies, and viewing security logs and history.

When you sign up for Zentera Air services, you will need to choose a service region to host your zCenter service portal. You are free to choose any supported region; the control path for application traffic is generally less sensitive to latency and will have only a minor impact on application performance and user experience.

You will be provided with a unique URL for your service. If you are interested in obtaining a custom domain for your Zentera Air services, please contact us at air-support@zentera.net.

ZNS Data Services

The Zentera Air ZNS layer provides secure WAN connectivity allowing remote users and applications to connect to applications in a different network domain.

When you choose a service region for the zCenter service portal, that region becomes the default ZNS data service region for your access policies. However, you are free to override that default selection and choose another service region for each access policy. A typical best practice is to select ZNS data services in the region physically closest to the application that is being accessed.

Customer-Deployed Components

At present, there are two customer-deployed components for Zentera Air.

zLink Agent

The zLink agent is the primary mechanism for onboarding servers and applications to Zentera Air, and is installed to servers that need to be accessed and secured. The zLink agent can be downloaded for a variety of architectures and updated remotely through the zCenter portal.

Gateway Proxy

The Gateway Proxy allows you to onboard services or devices that cannot be supported using an agent. It is delivered as a Linux virtual appliance to be installed in your network, next to the services or devices that need to be accessed.

A Gateway Proxy can be thought of as an on-ramp or off-ramp for ZTNA. It can provide filtering for ZTNA access going to/from the physical network, but it does not provide Application Chamber functionality.  If you need an agentless solution that supports Application Chambers, please contact air-support@zentera.net regarding our Micro-Segmentation Gatekeeper appliances, which are compatible with Zentera Air.

Architecture

The high level architecture of Zentera Air shown in deployment context is shown in the figures below.

The control plane access for the global deployment will connect back to your zCenter service portal:

Dataplane connections for WAN connectivity will route through the configured ZNS Data Services region: